NSA Is Tracking Mobile Phone Location On So Many People It Can't Handle The Data Storage

from the another-shoe-dropping? dept

We all know that Senators Ron Wyden and Mark Udall have been hinting strongly about the NSA tracking people's location via mobile phone location data. Since the Snowden documents started getting reported on, Wyden especially had ramped up his hints that mobile phone location data still undisclosed would be the real shocker. Back in October, it was revealed that the NSA had done a "pilot program" in the US to track people's locations via their mobile phones, but stopped the program and never used the data. In response to that, Senator Wyden hinted that there was much more to come:

“After years of stonewalling on whether the government has ever tracked or planned to track the location of law-abiding Americans through their cellphones, once again, the intelligence leadership has decided to leave most of the real story secret — even when the truth would not compromise national security,” Mr. Wyden said.

It would appear that "the real story secret" has started to come out via some new Snowden documents reported on in the Washington Post by Bart Gellman and Ashkan Soltani. Basically, while the NSA may not be spying on the location of Americans in the US via their mobile phones, they appear to be collecting location data of pretty much anyone all over the rest of the world to the tune of 5 billion records a day -- so much info that the NSA was having trouble storing it all (now you know what some of the Bluffdale datacenter in Utah is for).

The NSA cannot know in advance which tiny fraction of 1 percent of the records it may need, so it collects and keeps as many as it can — 27 terabytes, by one account, or more than double the text content of the Library of Congress’s print collection.

The location programs have brought in such volumes of information, according to a May 2012 internal NSA briefing, that they are “outpacing our ability to ingest, process and store” data. In the ensuing year and a half, the NSA has been transitioning to a processing system that provided it with greater capacity.

The NSA defends the program by saying that it uses the location data to find "unknown associates of known intelligence targets." Basically, it's tracking where everyone goes, just in case people end up spending time with people the NSA deems as being terrorists. However, that also means that the NSA has an astounding amount of really personal data on where pretty much everyone goes outside of the US, including who they meet with. The ability to abuse that data should be rather obvious. From that data, you can not only determine private business meetings, but you can figure out what doctors people go to, if they're cheating on their spouse, etc. And, given last week's revelations that the NSA has no qualms (at all) about using data on non-terrorists to embarrass them for the sake of embarrassing them, it's not difficult to see how the NSA might do the same over information gleaned from this vast trough of location information.

And, yes, despite the claims by the NSA, it appears to end up getting a ton of information on Americans as well, even if it's not actively collecting data within the US (ah, more "incidental" collections):

Some documents in the Snowden archive suggest that acquisition of U.S. location data is routine enough to be cited as an example in training materials. In an October 2012 white paper on analytic techniques, for example, the NSA’s counterterrorism analysis unit cites two U.S.-based carriers to illustrate the challenge of correlating the travels of phone users on different mobile networks. Asked about that, a U.S. intelligence official said the example was poorly chosen and did not represent the program’s foreign focus.

Elsewhere in the article, they quote NSA officials repeatedly saying that the program is "tuned to be looking outside the United States," but not saying it only collects info outside the US. Also, they make clear, once a person leaves the US, the NSA no longer believes the 4th Amendment applies to them, so their location is fair game in this giant database.. Asked for specific numbers, an NSA person said:

“It’s awkward for us to try to provide any specific numbers..."

And, at that point, they were cut off by an NSA spokesperson who didn't want the person to go any further. In other words, it's "awkward" for the NSA to admit that it's spying on pretty much everyone. Everyone.

Oh, and as for the methods used by some to avoid this kind of thing: getting prepaid lines, disposing of phones regularly, etc. Apparently the NSA is tracking that and it leads to greater suspicion:

Like encryption and anonymity tools online, which are used by dissidents, journalists and terrorists alike, security-minded behavior — using disposable cellphones and switching them on only long enough to make brief calls — marks a user for special scrutiny. CO-TRAVELER takes note, for example, when a new telephone connects to a cell tower soon after another nearby device is used for the last time.

The NSA defends this program, arguing (as it always does) that there's nothing wrong with doing what it's doing. Billions of people living around the globe might disagree.

What are the chances they already collect it on all US calls to?

What are the chances they already collect the same data on all calls in the US to?

I'd say pretty darn good. After all, by the NSA's logic, not everyone is a US citizen in the US, so the constitution doesn't apply to them. And if a terrorist enters the US, and the NSA is met to stop terrorism, shouldn't they keep on tracking their location when they're here to?

I don't buy for a second that they aren't doing that already under that logic. We've already seen countless times how the NSA doesn't respect the law or constitution.

Re: What are the chances they already collect it on all US calls to?

In this case they probably are telling the truth, but only technically.

You see the NSA doesn't need to directly collect that data on americans to have access to it, they just let some other country's spy agency (like say GCHQ) scoop up the data, and then get it from them.

Do it that way, and they can still get all that locational data, while still being able to claim that they aren't gathering it.

Re: Re: What are the chances they already collect it on all US calls to?

You see the NSA doesn't need to directly collect that data on americans to have access to it, they just let some other country's spy agency (like say GCHQ) scoop up the data, and then get it from them.

There's an even simpler solution: ask the phone companies for it. They've proven they're willing to give the NSA pretty much anything with no due process at all.

"...awkward..." - I don't think that word means...

"Awkward" as in "self-incriminating to admit the vastness of the overreach as regards the rights of citizens"? "Awkward" as in - "embarrassing to confess the terrifying degree of totalitarian fascism the numbers imply"?

This sounds awfully low: "27 terabytes"Considering the scale of the effort, I'm thinking of a Hadoop cluster to process and store the dataset. Definition for those that need it.I'm thinking that might just be one data node, but out of how many?

Re:

Re: Re:

Is that 27 Terabytes a day, week month or year?

The article doesn't say, but if NSA is having trouble storing that much data, it's got to be at bare minimum per month, more likely per week or per day. Actually I think the most likely scenario is the reporter completely misunderstood the information and the number has very little to do with anything.

Re:

Half the world makes less then a US Dollar a day in their own currency, and plenty others are so poor they can't afford a cell phone. Plus, this data is probably compressed, and probably mostly just text or numbers, so it likely isn't that big.

Re:

yeah but they use an other program to track usage patterns, so depending on how soon the random stragers start using your old phones and how soon you make a few calls on your new one, they will know right away... in an hour or the same day

Re:

It doesn't. If anything the mass surveillance poses a very real threat to the American republic, as shown by the politically motivated targeting of groups by the IRS, which is why the NSA always tries to wash its hands of any wrongdoing following these revelations. Billions of tax dollars squandered to violate our Constitutional rights (a serious criminal offense, I might add) and not a single terrorist has been caught, let alone averted (e.g. Boston Bombers).

Domestic spying is good for national security. Just ask Hitler and Stalin. (The NSA makes both of them seem like rank amateurs.)

Tiny fractions of large numbers

The NSA cannot know in advance which tiny fraction of 1 percent of the records it may need, so it collects and keeps as many as it can ó 27 terabytes

As other commenters have pointed out, 27tb consists of the data over what time span? The total is certainly more by now. Nonetheless, a little napkin math.

27Tb == 29686800000000 bytes. Let's say the "tiny fraction of 1% is 0.001%. that means that they think they need over 196 gigs of location information. Location information is pretty tiny. You can store latitude and longitude with a resolution of .3 inches in 64 bits. let's be generous and add another 32 bytes to hold a GUID to identify the location. That would be a total of, say, 40 bytes (assuming 8-bit bytes) to be very generous.

That means that they are interested in about 7,421,700 location identifiers.

Re: Tiny fractions of large numbers

You can store latitude and longitude with a resolution of .3 inches in 64 bits. let's be generous and add another 32 bytes to hold a GUID to identify the location. That would be a total of, say, 40 bytes (assuming 8-bit bytes) to be very generous.

There could be a lot more information than that, though.

- which tower it's connected to- previous tower it was connected to- which network- most recent phone call- other phones connected to the tower- how long it's been connected to that tower- signal strength- phone model- operating system

Who knows what else, but there's a lot of things that could be included in the category "location information".

"a "pilot program" in the US to track people's locations via their mobile phones"

Actually he said a pilot program to track US people's phones IN REAL TIME. The phone metadata has enough information in it to calculate the triangulation data and get a location, and NSA gets that data. It does have Americans location data too from the meta data. It may only be *near* real-time and not *real-time*, but it is location tracking.

And of course once they tapped the backbone, they also intercept all the location requests smartphones make too. So when your Smartphone asks a location service to estimate the location based on nearby wifi and cell tower points, it's actually reporting your location to the NSA, because they see those requests too.

Now you can see the "correlation" trick. If you want to know who associates with who, you can correlate their locations and see who moves together, or who 'associates'. They don't need to call each other or make otherwise interact, simply the fact that their locations track together over a period of time shows the association.

The next step of this would be outside NSA, so not in the Snowden leaks, but certainly happens, leverage!

Made up example: UK Minister 'Keith' likes to pickup rent boys. NSA correlates 'Keith' and his rent boy, and is able to determine which rent boy he bums.CIA visits 'Keith' and as 'pals', suggest he keeps his rent boy bumming more discrete. Showing him the evidence and 'befriending' Keith. Later on, asking their new 'friend' for his help in protecting their surveillance of Brits, after all, they did him a favor and now he should do them one in return. Keith then attempts to silence the press about the NSA surveillance for self preservation.

You can see how easy it is to lose a democracy when you introduce surveillance. Keith no longer works for his country, he works for the foreign power.

Now what happens when the spy agency (like FSA/KGB) spies on their own country? Exactly the same, only the power is then in the spy agencies hands, not the voters.

So you can also see why this surveillance will inevitably end US democracy.

Re: Re:

"said location data was not included"

Location data is not included in phone metadata. Cell tower is. It used for billing and service.

The cell towers are know locations, your phone is connecting and disconnecting from these towers as you move. Your signal strength is known, hence location is triangulable. This is based on my own knowledge of these systems circa late 90's.

And of course the Smartphone wifi version of triangulation thing (which NSA gets whenever your browser uses a location service) is well documented.

Re: Anyone still think

You Can't Get Pre-Paid SIMs Easily Anymore

As a cellular industry consultant and long-time geek, I've had two personal cell phones since 1999. One was a US phone with an account at a US carrier, and the other was always a "world phone" with multiple bands, and bought full price and unlocked, which I used as a travelling phone.

Whenever I went abroad, most countries would sell a SIM card in the airport, or on the main street shops, I'd just pop it into my phone, and in most cases, incoming calls were then free (to me). This was way better than the $4/min AT&T was offering.

I spend years doing this with great ease. Most developing countries had low fees for the SIM, and the EU was easy, but Japan and Korea were tougher because of technology differences. But through the period of 2002 through 2009, the world pretty much closed down for SIM card business.

Most countries now require a very large amount of personal data on a person for them to get a SIM card or cellphone. You need to provide passport numbers, local Citizen IDs (Spain), an official home address in the country (France). India, after the Mumbai bombings, required photocopies of the passport, an address (hotel), some forms completed. Bear in mind, this is all at some tin box roadside vendor. He collects the paperwork, sends it by bike to the town's main telco branch. The telco processes it. In my case, some small error on a form meant that my SIM card was cancelled 2 days after I paid for it, and in the middle of my trip. Fun.

So, globally, now it's pretty hard to just pick up a local SIM. They want to know exactly who you are. That applies whether you're a terrorist, a holidaymaker, or a business shmoe.

Bear in mind, same thing has happened in hotels. Used to be you could travel anonymously, but now a passport is somehow a required document for a hotel room in many countries.

The NSA, GCHQ and other secret agencies already have unfathomable more secret power and information about us citizens, than Lavrentiy Beria or Heinrich Himmler both infamous secret services chiefs during Stalin's rule of the Soviet Union or Hitler's rule of Nazi Germany. Now, they want to destroy the freedom of the press in order to have total control. They are no different from other human beings anywhere, when given uncontrolled power they become corrupt,paranoid and quite dangerous to us all. It is high time to make them fully accountable/stop them using any available non-violent means of resistance as our freedoms and democracies are at stake!

Spying on everyone's personal lives and associations. Out of all the leaked documents, this story pisses me off the most.

The spies have torched the constitution though their "incidental" collection, and storage, of all American's movement patterns.

The only thing that can ultimately come from these mass surveillance programs is some form of totalitarianism.

Which is why the Founding Fathers of the United States explicitly included the 4th Amendment. I'm sure if cellphones were around back then, the amendment would have read, "Secure in person, papers, effects, (and) cellphone records!

This pisses me off so bad. The spies are destroying our democracy. Bunch of rat bastard traitors. Every last one of them.